I searched for the right place to ask this; nothing was 100% suitable, so I hope this place is not too wrong.
My question is basically about vpn routing. I uploaded a topology picture of the current setup and the target setup.
I think I put all the necessary information inside; nonetheless, a few words about it below :-)
The final target is like:
- Communication between Site-Z and Site-D, E & F should be unencrypted but still inspected by the firewalls using dedicated private line
- Site-D is acting as hub for Site-E & F to reach Site-Z
- Site-D itself also communicates with Site-Z using the private line
- Private line is transparent to the SGWs. They just need to send the traffic to the corresponding site RTR.
- Remove Site-D, E & F from Star VPN Community
- Using vpn_route.conf to promote FW_SiteD as Hub GW for Site-E & F
- Set some static routes on FW_SiteD to route traffic from Site-D, E & F through private line to Site-Z
- Set some static routes on FW_SiteZ to route traffic from Site-Z through private line to Site-D, E & F
I tested this already in a lab and it's working fine so far.
My question to you: is this a common / proven way to achieve the target scenario? Or did I miss something / are there better ways to do it?
I'm wondering if there is another way which is more, let's say, "visible"?
I appreciate any kind of feedback, especially on any real world experience on this kind of setup.
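As an added illustration of the steps listed above (this is not the poster's own configuration), the vpn_route.conf hub entries and the Gaia static routes would look roughly like this; the network object names, site prefixes and private-line router addresses are assumptions:

```text
# $FWDIR/conf/vpn_route.conf on the Management Server (assumed object names)
# Column order: Destination | Next hop router interface | Install on
# Site-E and Site-F send traffic for Site-Z networks via FW_SiteD (hub).
Net_SiteZ      FW_SiteD      FW_SiteE
Net_SiteZ      FW_SiteD      FW_SiteF

# Gaia clish on FW_SiteD (assumed: Site-Z = 10.30.0.0/16, private-line RTR = 10.99.0.2)
# Traffic from Site-D, E and F towards Site-Z leaves unencrypted via the private line.
set static-route 10.30.0.0/16 nexthop gateway address 10.99.0.2 on
save config

# Gaia clish on FW_SiteZ (assumed: Site-D = 10.10.0.0/16, Site-E = 10.11.0.0/16,
# Site-F = 10.12.0.0/16, private-line RTR = 10.99.0.1)
set static-route 10.10.0.0/16 nexthop gateway address 10.99.0.1 on
set static-route 10.11.0.0/16 nexthop gateway address 10.99.0.1 on
set static-route 10.12.0.0/16 nexthop gateway address 10.99.0.1 on
save config
```

The vpn_route.conf entries only take effect after the policy is installed on the spoke and hub gateways, and they presume Site-D, E and F still share a VPN community among themselves even though they were removed from the star community with Site-Z.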